On Monday 13 June 2005 04:41 pm, LeVA wrote: > 2005. június 14. 01:36, > Ian Eure <[EMAIL PROTECTED]> > > > PLAIN is easier to set up. IIRC, CRAM-MD5 requires a seperate password > > file. Shouldn't be a risk if you're only using PLAIN over TLS. > > I understand that with TLS or SSL the clear text passwords are secured, so > do you think that an SSL + CRAM-MD5 combination is just a usesell > complication of the problem, and I should stay with the SSL(or TLS) + clear > text auth or with the no connection encryption + CRAM-MD5 auth? > I don't see why it would be helpful, unless you're trying to keep your info secret from a determined/resourceful attacker. But an attacker like that would probably get it anyways.
I use TLS & PLAIN, and encrypt/sign my messages with GPG for my business email, and I think that's plenty secure for my needs.
